@104corp/cfn-vpc-module

[![Build Status](https://travis-ci.com/104corp/cfn-vpc-module.svg?token=1abDynFsqKk2XyATWmgy&branch=master)](https://travis-ci.com/104corp/cfn-vpc-module) [![NPM version](https://img.shields.io/npm/v/@104corp/cfn-vpc-module.svg)](https://www.npmjs.com/pac


CloudFormation VPC Module


AWS VPC service deployment from a CloudFormation template

Manage Resources

  • VPC
  • FlowLog
  • InternetGateway
  • NAT Gateway
  • EIP
  • Endpoint
  • DHCPOptions
  • Subnet
  • RouteTable
  • SecurityGroup (Privatelink)
  • S3 Bucket

Install

Install Node.js and npm first!

npm i @104corp/cfn-vpc-module

Usage

  • default
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.0.0.0/16'
        PublicSubnetACIDR: '10.0.1.0/24'
        PublicSubnetBCIDR: '10.0.2.0/24'
        PrivateSubnet1ACIDR: '10.0.3.0/24'
        PrivateSubnet1BCIDR: '10.0.4.0/24'
        PrivateSubnet2ACIDR: '10.0.5.0/24'
        PrivateSubnet2BCIDR: '10.0.6.0/24'
        PrivateSubnet3ACIDR: '10.0.7.0/24'
        PrivateSubnet3BCIDR: '10.0.8.0/24'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'
  • With NAT Subnet
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.152.0.0/21'
        PublicSubnetACIDR: '10.152.0.0/26'
        PublicSubnetBCIDR: '10.152.0.64/26'
        PrivateSubnet1ACIDR: '10.152.1.0/24'
        PrivateSubnet1BCIDR: '10.152.2.0/24'
        PrivateSubnet2ACIDR: '10.152.3.0/24'
        PrivateSubnet2BCIDR: '10.152.4.0/24'
        PrivateSubnet3ACIDR: '10.152.5.0/24'
        PrivateSubnet3BCIDR: '10.152.6.0/24'
        NatSubnetACIDR: '10.152.0.128/26'
        NatSubnetBCIDR: '10.152.0.192/26'
        NatGatewayMultiAZ: 'true'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'
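The two usage examples above only differ in their subnet plan, and a plan error (a CIDR that does not parse, a subnet outside the VPC range, two subnets that overlap, or a required CIDR left at the template's 0.0.0.0/0 default) is only reported by CloudFormation after the nested stack has started creating resources. The following is an added check, not part of the cfn-vpc-module project: it takes the module's parameter names as a plain dict (the constructed sample is the "With NAT Subnet" plan, first with the NAT CIDRs written with five octets, then corrected) and reports every problem before `aws cloudformation package` is run.

```python
# Added example (not cfn-vpc-module project code): sanity-check a subnet plan
# for the module's *CIDR parameters before packaging the template.
# Parameter names are the module's; the check logic and sample plans are ours.
import ipaddress
from typing import Dict, List

# Constructed sample: the "With NAT Subnet" parameters from this README, with
# the two NAT CIDRs written with five octets (a typo this check catches).
BROKEN_PLAN: Dict[str, str] = {
    "VpcCIDR": "10.152.0.0/21",
    "PublicSubnetACIDR": "10.152.0.0/26",
    "PublicSubnetBCIDR": "10.152.0.64/26",
    "PrivateSubnet1ACIDR": "10.152.1.0/24",
    "PrivateSubnet1BCIDR": "10.152.2.0/24",
    "PrivateSubnet2ACIDR": "10.152.3.0/24",
    "PrivateSubnet2BCIDR": "10.152.4.0/24",
    "PrivateSubnet3ACIDR": "10.152.5.0/24",
    "PrivateSubnet3BCIDR": "10.152.6.0/24",
    "NatSubnetACIDR": "10.152.0.128.0/26",
    "NatSubnetBCIDR": "10.152.0.192.0/26",
    "NatGatewayMultiAZ": "true",
}

# Same plan with the NAT CIDRs corrected.
FIXED_PLAN: Dict[str, str] = dict(
    BROKEN_PLAN, NatSubnetACIDR="10.152.0.128/26", NatSubnetBCIDR="10.152.0.192/26"
)

PLACEHOLDER = "0.0.0.0/0"  # the template's default for every *CIDR parameter


def check_subnet_plan(params: Dict[str, str]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent.

    Checks: every *CIDR value parses as a network in strict form (host bits
    zero), no required CIDR is left at the 0.0.0.0/0 placeholder, every
    subnet lies inside VpcCIDR, and no two subnets overlap.
    """
    problems: List[str] = []
    try:
        vpc = ipaddress.ip_network(params["VpcCIDR"], strict=True)
    except (KeyError, ValueError) as exc:
        return [f"VpcCIDR invalid: {exc}"]

    subnets = []
    for name, value in params.items():
        if name == "VpcCIDR" or not name.endswith("CIDR"):
            continue  # VpcCIDR handled above; skip non-CIDR parameters
        if value == PLACEHOLDER:
            problems.append(f"{name} is still the placeholder {PLACEHOLDER}")
            continue
        try:
            net = ipaddress.ip_network(value, strict=True)
        except ValueError as exc:
            problems.append(f"{name} invalid: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VpcCIDR {vpc}")
        subnets.append((name, net))

    # Pairwise overlap check; CloudFormation would reject these at create time,
    # but catching them here is cheaper than a rolled-back nested stack.
    for i, (name_a, net_a) in enumerate(subnets):
        for name_b, net_b in subnets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


if __name__ == "__main__":
    for label, plan in (("broken", BROKEN_PLAN), ("fixed", FIXED_PLAN)):
        print(label, check_subnet_plan(plan) or "OK")
```

Run it before packaging; the broken plan reports both NAT CIDRs as invalid, and the corrected plan passes with every subnet inside 10.152.0.0/21 and no overlaps. The placeholder check exists because the module marks the CIDR parameters as required while still giving them a 0.0.0.0/0 default, so a forgotten parameter is silently accepted by the nested-stack `Parameters` block.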

IAM Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devops-infra-cfn-vpc-module",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:DeleteTags",
                "s3:*",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:CreateNatGateway",
                "ec2:*Address*",
                "ec2:*FlowLogs",
                "cloudformation:*",
                "ec2:*NetworkAcl*",
                "ec2:*Route*",
                "ec2:StopInstances",
                "ec2:Describe*",
                "ec2:StartInstances",
                "ec2:*Vpc*",
                "ec2:*DhcpOptions*",
                "ec2:*Gateway*",
                "ec2:*SecurityGroup*",
                "ec2:*Subnet*",
                "logs:*"
            ],
            "Resource": "*"
        }
    ]
}
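The policy above is what the deploying principal needs, and most of its entries are wildcard patterns on `Resource: "*"` (for example `s3:*`, `cloudformation:*`, `logs:*`, `ec2:*Vpc*`). Before attaching it to a CI role it is worth knowing exactly which actions those patterns cover. The following added example, which is not cfn-vpc-module project code, embeds the README's policy as a constructed sample and provides two helpers of ours: `action_allowed` evaluates a single action the way IAM matches `Action` and `Resource` patterns (simplified: no conditions, no principals), and `wildcard_grants` lists the wildcard-on-`*` grants a least-privilege review would scope down first.

```python
# Added example (not cfn-vpc-module project code): evaluate the README's
# deployment policy for a single action the way IAM matches patterns, and
# list the wildcard-on-"*" grants a least-privilege review would scope down.
# The policy document is the one shown above, embedded as a constructed sample;
# helper names are ours.
import fnmatch
import json
from typing import Any, Dict, List, Tuple

POLICY_JSON = """
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devops-infra-cfn-vpc-module",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances", "ec2:DeleteTags", "s3:*", "ec2:CreateTags",
                "ec2:RunInstances", "ec2:CreateNatGateway", "ec2:*Address*",
                "ec2:*FlowLogs", "cloudformation:*", "ec2:*NetworkAcl*", "ec2:*Route*",
                "ec2:StopInstances", "ec2:Describe*", "ec2:StartInstances", "ec2:*Vpc*",
                "ec2:*DhcpOptions*", "ec2:*Gateway*", "ec2:*SecurityGroup*",
                "ec2:*Subnet*", "logs:*"
            ],
            "Resource": "*"
        }
    ]
}
"""
POLICY: Dict[str, Any] = json.loads(POLICY_JSON)


def _as_list(value: Any) -> List[Any]:
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def action_allowed(policy: Dict[str, Any], action: str, resource: str = "*") -> bool:
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any matching
    Allow grants. Action names match case-insensitively with '*' and '?'
    wildcards; Resource is matched the same way against the ARN given.
    Conditions and principals are ignored (the README policy has none)."""
    allowed = False
    for stmt in policy["Statement"]:
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = True
    return allowed


def wildcard_grants(policy: Dict[str, Any]) -> List[Tuple[str, str]]:
    """(Sid, action pattern) pairs where an Allow grants a wildcard action on
    Resource "*": the grants to scope down (by resource ARN, or by listing the
    exact actions the template needs) before attaching the policy to a CI role."""
    found: List[Tuple[str, str]] = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            if "*" in pattern:
                found.append((stmt.get("Sid", ""), pattern))
    return found


if __name__ == "__main__":
    for act in ("ec2:DeleteVpc", "s3:DeleteBucket", "iam:CreateUser"):
        print(act, action_allowed(POLICY, act))
    for sid, pattern in wildcard_grants(POLICY):
        print("wildcard grant:", sid, pattern)
```

With the README policy, `ec2:DeleteVpc` and `s3:DeleteBucket` on any bucket are allowed (via `ec2:*Vpc*` and `s3:*`), `iam:CreateUser` is not, and 13 of the 20 entries are wildcard grants on every resource. A tighter version would restrict `s3:*` to the packaging bucket and flow-log bucket ARNs and `cloudformation:*` to the stack ARNs the pipeline owns; the evaluator lets you confirm the template's actions still pass after each such change.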

Package

$ aws cloudformation package --template-file example.yml --s3-bucket <your cfn template bucket> --output-template-file packaged.yml

Deploy

$ aws cloudformation deploy --template-file packaged.yml --stack-name <your stack name>

templates/main

Description

AWS-HUB-Shared infrastructure, including the VPC, subnets, security groups, etc.

Parameters

The list of parameters for this template:

EnvType

Type: String Default: Dev Description: Environment Type for this Stack.

StackOwner

Type: String Default: StackOwnerDefault Description: (Optional) Product Owner Name, default is StackOwnerDefault

VpcCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) VPC CIDR

PublicSubnetACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Public Subnet-1a CIDR

PublicSubnetBCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Public Subnet-1b CIDR

PrivateSubnet1ACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1a-1 CIDR

PrivateSubnet1BCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1b-1 CIDR

PrivateSubnet2ACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1a-2 CIDR

PrivateSubnet2BCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1b-2 CIDR

PrivateSubnet3ACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1a-3 CIDR

PrivateSubnet3BCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1b-3 CIDR

NatSubnetACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) NAT Subnet CIDR

NatSubnetBCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) NAT Subnet CIDR

NatGatewayMultiAZ

Type: String Default: true Description: (Optional) Enable Multi-AZ NAT Gateway routing (one NAT Gateway per AZ). default is true

PublicRoutePropagationVpnGatewayId

Type: String
Description: (Optional) VpnGatewayId to enable VPN route propagation on the public route table. default is `` (empty)

PrivateRoutePropagationVpnGatewayId

Type: String
Description: (Optional) VpnGatewayId to enable VPN route propagation on the private route table. default is `` (empty)

NatRouteAPropagationVpnGatewayId

Type: String
Description: (Optional) VpnGatewayId to enable VPN route propagation on NAT route table A. default is `` (empty)

NatRouteBPropagationVpnGatewayId

Type: String
Description: (Optional) VpnGatewayId to enable VPN route propagation on NAT route table B. default is `` (empty)

FlowLogEnable

Type: String Default: false Description: (Optional) Enable VPC Flow log

FlowLogTrafficType

Type: String Default: ACCEPT

FlowLogS3Replication

Type: String
Description: (Optional) Replicate flow logs to another S3 bucket.

DHCPOptionNtpServers

Type: CommaDelimitedList Default: 169.254.169.123 Description: (Optional) NTP Servers for instances, default is 169.254.169.123

DHCPOptionDomainNameServers

Type: CommaDelimitedList Default: AmazonProvidedDNS Description: (Optional) Domain Name Server for instances, default is AmazonProvidedDNS

EndpointS3

Type: String Default: false Description: (Optional) VPC Gateway Endpoint for S3, default is false

EndpointDynamoDB

Type: String Default: false Description: (Optional) VPC Gateway Endpoint for DynamoDB, default is false

EndpointEC2

Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2, default is false

EndpointECS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS, default is false

EndpointSTS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for STS, default is false

EndpointCloudFormation

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudFormation, default is false

EndpointEC2Messages

Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2 Messages, default is false

EndpointECRAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR API, default is false

EndpointECRDKR

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR DKR, default is false

EndpointECSAgent

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Agent, default is false

EndpointECSTelemetry

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Telemetry, default is false

EndpointAppstreamAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for App stream API, default is false

EndpointAppstreamStreaming

Type: String Default: false Description: (Optional) VPC Interface Endpoint for App stream streaming, default is false

EndpointAthena

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Athena, default is false

EndpointCloudTrail

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudTrail, default is false

EndpointCodeBuild

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeBuild, default is false

EndpointCodeCommit

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeCommit, default is false

EndpointCodePipeline

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodePipeline, default is false

EndpointConfig

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Config, default is false

EndpointDatasync

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Datasync, default is false

EndpointElasticInferenceRuntime

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic Inference runtime, default is false

EndpointElasticLoadBalancing

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic Load Balancing, default is false

EndpointEvents

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch events, default is false

EndpointExecuteAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Execute API, default is false

EndpointKinesisFirehose

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis Firehose, default is false

EndpointKinesisStreams

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis streams, default is false

EndpointKMS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for KMS, default is false

EndpointLogs

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch logs, default is false

EndpointMonitoring

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch Monitoring, default is false

EndpointSecretsManager

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Secrets Manager, default is false

EndpointSNS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SNS, default is false

EndpointSQS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SQS, default is false

EndpointSSM

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM, default is false

EndpointSSMMessages

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM Messages, default is false

NameSuffix

Type: String
Description: (Optional) Suffix appended to resource names and export names.

Resources

The list of resources this template creates:

VPC

Type: AWS::EC2::VPC

DHCPOptionsSetDefault

Type: AWS::EC2::DHCPOptions

DHCPOptionsSetAssociationDefault

Type: AWS::EC2::VPCDHCPOptionsAssociation

PublicSubnetA

Type: AWS::EC2::Subnet

PublicSubnetB

Type: AWS::EC2::Subnet

PrivateSubnet1A

Type: AWS::EC2::Subnet

PrivateSubnet1B

Type: AWS::EC2::Subnet

PrivateSubnet2A

Type: AWS::EC2::Subnet

PrivateSubnet2B

Type: AWS::EC2::Subnet

PrivateSubnet3A

Type: AWS::EC2::Subnet

PrivateSubnet3B

Type: AWS::EC2::Subnet

InternetGateway

Type: AWS::EC2::InternetGateway

VPCGatewayAttachment

Type: AWS::EC2::VPCGatewayAttachment

ProtectedSubnetA

Type: AWS::EC2::Subnet

ProtectedSubnetB

Type: AWS::EC2::Subnet

ProtectedRouteTableA

Type: AWS::EC2::RouteTable

ProtectedRouteTableB

Type: AWS::EC2::RouteTable

ProtectedRouteA

Type: AWS::EC2::Route

ProtectedRouteB

Type: AWS::EC2::Route

ProtectedRouteBMultiAZ

Type: AWS::EC2::Route

ProtectedSubnetARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

ProtectedSubnetBRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

NatEipA

Type: AWS::EC2::EIP

NatEipB

Type: AWS::EC2::EIP

NatGatewayA

Type: AWS::EC2::NatGateway

NatGatewayB

Type: AWS::EC2::NatGateway

PublicRouteTable

Type: AWS::EC2::RouteTable

PrivateRouteTable

Type: AWS::EC2::RouteTable

PublicRoutePropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

PrivateRoutePropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteAPropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteBPropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

PublicSubnetARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PublicSubnetBRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet3ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet3BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PublicRoute

Type: AWS::EC2::Route

VPCEndpointS3

Type: AWS::EC2::VPCEndpoint

VPCEndpointDynamoDB

Type: AWS::EC2::VPCEndpoint

VPCEndpointEC2

Type: AWS::EC2::VPCEndpoint

VPCEndpointECS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSTS

Type: AWS::EC2::VPCEndpoint

VPCEndpointCloudFormation

Type: AWS::EC2::VPCEndpoint

VPCEndpointEC2Messages

Type: AWS::EC2::VPCEndpoint

VPCEndpointECRAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointECRDKR

Type: AWS::EC2::VPCEndpoint

VPCEndpointECSAgent

Type: AWS::EC2::VPCEndpoint

VPCEndpointECSTelemetry

Type: AWS::EC2::VPCEndpoint

VPCEndpointAppstreamAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointAppstreamStreaming

Type: AWS::EC2::VPCEndpoint

VPCEndpointAthena

Type: AWS::EC2::VPCEndpoint

VPCEndpointCloudTrail

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodeBuild

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodeCommit

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodePipeline

Type: AWS::EC2::VPCEndpoint

VPCEndpointConfig

Type: AWS::EC2::VPCEndpoint

VPCEndpointDatasync

Type: AWS::EC2::VPCEndpoint

VPCEndpointElasticInferenceRuntime

Type: AWS::EC2::VPCEndpoint

VPCEndpointElasticLoadBalancing

Type: AWS::EC2::VPCEndpoint

VPCEndpointEvents

Type: AWS::EC2::VPCEndpoint

VPCEndpointExecuteAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointKinesisFirehose

Type: AWS::EC2::VPCEndpoint

VPCEndpointKinesisStreams

Type: AWS::EC2::VPCEndpoint

VPCEndpointKMS

Type: AWS::EC2::VPCEndpoint

VPCEndpointLogs

Type: AWS::EC2::VPCEndpoint

VPCEndpointMonitoring

Type: AWS::EC2::VPCEndpoint

VPCEndpointSecretsManager

Type: AWS::EC2::VPCEndpoint

VPCEndpointSNS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSQS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSSM

Type: AWS::EC2::VPCEndpoint

VPCEndpointSSMMessages

Type: AWS::EC2::VPCEndpoint

VPCPrivatelinkSecurityGroup

Type: AWS::EC2::SecurityGroup

VPCFlowLog

Type: AWS::EC2::FlowLog

VPCFlowLogS3Bucket

Type: AWS::S3::Bucket

Outputs

The list of outputs this template exposes:

VPC

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

InternetGateway

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

DefaultSecurityGroup

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}]]}]}

PublicSubnetA

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}]]}]}

PublicSubnetB

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet2A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet2B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}]]}]}

VPCPrivatelinkSecurityGroup

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

DHCPOptionsSetDefault

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}
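Each export name above is an `Fn::If` on the `HasNameSuffix` condition around two `Fn::Join` variants, so the string a consuming stack must pass to `Fn::ImportValue` depends on `EnvType` and `NameSuffix`. The following added example, not cfn-vpc-module project code, copies three of the expressions exactly as listed and resolves them with a small evaluator of ours for the intrinsic functions they use (`Ref`, `Fn::Join`, `Fn::If`). It assumes that `HasNameSuffix` is true when `NameSuffix` is non-empty; the README shows only the condition's name, not its definition.

```python
# Added example (not cfn-vpc-module project code): resolve the export names in
# the Outputs section for a given EnvType/NameSuffix, so a consuming stack can
# build the right Fn::ImportValue. The expressions are copied from the README;
# the evaluator is ours, and it ASSUMES the HasNameSuffix condition means
# "NameSuffix is not empty" (the README shows the condition name only).
from typing import Any, Dict

# Export-name expressions exactly as the README lists them (Python literal form).
EXPORTS: Dict[str, Any] = {
    "VPC": {'Fn::If': ['HasNameSuffix',
            {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]},
            {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}]]}]},
    "PublicSubnetA": {'Fn::If': ['HasNameSuffix',
            {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]},
            {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}]]}]},
    "VPCPrivatelinkSecurityGroup": {'Fn::If': ['HasNameSuffix',
            {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]},
            {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}]]}]},
}


def resolve(expr: Any, params: Dict[str, str], conditions: Dict[str, bool]) -> str:
    """Evaluate the subset of intrinsic functions the export names use:
    plain strings, Ref to a parameter, Fn::Join, and Fn::If on a condition."""
    if isinstance(expr, str):
        return expr
    if isinstance(expr, dict) and len(expr) == 1:
        (fn, arg), = expr.items()
        if fn == "Ref":
            return params[arg]
        if fn == "Fn::Join":
            delimiter, parts = arg
            return delimiter.join(resolve(p, params, conditions) for p in parts)
        if fn == "Fn::If":
            cond, when_true, when_false = arg
            return resolve(when_true if conditions[cond] else when_false, params, conditions)
    raise ValueError(f"unsupported expression: {expr!r}")


def export_names(env_type: str, name_suffix: str = "") -> Dict[str, str]:
    """Export names for the given EnvType and (optional) NameSuffix."""
    params = {"EnvType": env_type, "NameSuffix": name_suffix}
    conditions = {"HasNameSuffix": name_suffix != ""}  # assumption, see above
    return {output: resolve(expr, params, conditions) for output, expr in EXPORTS.items()}


if __name__ == "__main__":
    for output, name in export_names("Dev").items():
        print(output, "->", name)
    for output, name in export_names("Prod", "blue").items():
        print(output, "->", name)
```

With the defaults (`EnvType: Dev`, no suffix) the VPC export resolves to `VPC-hub-shared-Dev`, which a consuming template references as `!ImportValue VPC-hub-shared-Dev`; deploying a second copy with `NameSuffix: blue` changes it to `VPC-hub-shared-Dev-blue`, so the suffix is what keeps two module instances in one account and region from colliding on export names.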

Maintenance

Maintainers:

  • 104corp